Councils attacked over email ‘phishing’

editorial image
Have your say

HARDLY any of Yorkshire’s town halls have heeded calls to put in place measures to prevent their email addresses being hijacked by criminals, a report has warned.

All but one of the region’s biggest councils are said to have failed to act on advice from the intelligence agency GCHQ to implement an industry-standard validation system designed to root out fake messages - with only Leeds reported to have complied.

The report comes after a cyber attacker crippled many NHS services across the region in the summer. Health service websites were infected with “ransomware”, which demanded money for its removal.

The latest report criticises public bodies for failing to protect their addresses against “phishing” attacks, in which criminals pretend to be someone else in order to access the personal and financial details of their victims.

Banks and other financial institutions, including PayPal and Ebay, have been targeted frequently by crooks, as has the government’s tax collection agency HMRC - which often appears to be the source of emails promising lucrative tax rebates.

But the government’s National Cyber Security Centre, which is part of GCHQ, has said that fewer than five per cent of other public sector organisations have taken sufficient steps to prevent similar attacks, by using the validation protocol known as DMARC.

Randal Pinto of the data intelligence company OnDMARC, said: “HMRC was able to reduce the threat of phishing by stopping 300m emails in 2016. It’s high time that cyber defence became a priority at the local council level.”

Many councils across the region told the YEP that they had implemented their own security measures, with one authority, in Hull, saying: “DMARC is one of a range of risk reduction measures available to us for reducing malicious cyber-attacks, and we continue to review it with a view to adoption in future.”

Michael Clements, assistant chief executive for resources and governance at Wakefield Council, said “robust measures” were in place to prevent cyber attacks.

He added: “We are working towards the implementation of the DMARC email validated system on the advice of GCHQ.”